by Anton Chuvakin | November 2, 2012 | Comments Off on Security Planning Guide for 2013
Our team (specifically Ramon Krikken, Phil Schacter, Eric Maiwald, Dan Blum, Mario de Boer, and Anton Chuvakin) has just released an annual security planning guide: “2013 Planning Guide: Security and Risk Management.” Every GTP customer should go and read it! Its abstract states that “The Nexus of Forces brings great opportunities and risks. This Planning Guide provides information security and risk teams with invaluable insights for prioritizing security and risk projects in 2013.”
In the guide, our team tackles the following topics:
- Endpoint Security and Mobility
- Network and Data Center Security
- Application and Software Security
- Data Security
- Cloud Security
- Monitoring Trends
- Security Programs and Governance
- IT-GRC Tools
- Vulnerability Management
Here are a few fun quotes:
- “Gartner has identified the effects of the Nexus of Forces — information, social, mobile and cloud — as the key macro trends driving IT and information security in 2013.” […] The impetus and nature of these trends are described in more detail in "2013 Professional Effectiveness Planning Guide: Coming to Terms with the Nexus of Forces."
- “Building controls that work with a variety of endpoints, cloud services, and hybrid IT means focusing on agile security programs and architecture, which includes monitoring as an important component.” […] “in an increasingly hybrid IT and mobile world, monitoring must see farther beyond the walls, farther above the infrastructure layers and deeper into the application context.”
- “Other continuing security market drivers are the effects of general volatility on security, a more dangerous threat landscape, complex and evolving regulatory standards of protection, consumerization and mobility, and the ongoing transformative effects of cloud computing.”
- “Security information and event management (SIEM) solutions are vital as the hub for security monitoring, but other tools such as DLP and database audit and protection (DAP) are needed. Enterprises must prioritize goals and operationalize monitoring to make it effective.”
- “Implement alert triage and report review processes, and commit people to executing them. Bulk up the gaps with dedicated service providers or tool vendor professional services.”
Finally, I know that some of my esteemed blog readers are upset that I occasionally post links to materials requiring various forms of Gartner subscriptions. Well…mmm…get a subscription already!
- This year's identity and privacy planning guide: “2013 Planning Guide: Identity and Privacy”
- Last year's security planning guide